Comment 2 for bug 195700

This bug was fixed in the package xine-lib - 1.1.11.1-1ubuntu1

---------------
xine-lib (1.1.11.1-1ubuntu1) hardy; urgency=low

  * New upstream Version, merge from debian/unstable.
    - Freeze exception Granted in LP: #204557
    - Inclused Security fixes: LP: #195700
  * Remaining Changes:
     - add Replaces: libxine-main1 (<< 1.1.2+repacked1-0ubuntu1)
       in libxine1-bin to make dapper->hardy upgrades work (LP #203605)
     - Modify Maintainer value to match the DebianMaintainerField
       specification.

xine-lib (1.1.11.1-1) unstable; urgency=high

  * New upstream release.
    - CVE-2008-1482: integer overflows in FLV, Qt, Real, WC3Movie, Matroska
      and FILM demuxers, allowing remote attackers to trigger heap overflows
      and possibly execute arbitrary code. (Closes: #472639)

xine-lib (1.1.11-1) unstable; urgency=high

  * New upstream release.
    - CVE-2008-0073: Array index vulnerability which may allow remote
      attackers to execute arbitrary code via a crafted SDP parameter in an
      RTSP stream.
    - DVD reader code no longer uses UDF-provided file sizes as
      authoritative. (Closes: #463177)

  [Darren Salt]
  * Remove the versioning from the libmagick9-dev build-dep.
  * Disable the pulseaudio plugin (don't build, don't install) and remove
    the build-dep on libpulse-dev for now due to instability: xine-lib has
    been observed closing the stream due to audio problems.
    (Closes: #471676)

  [ Reinhard Tartler ]
  * add support for 'parallel' keyword in DEB_BUILD_OPTIONS

 -- Reinhard Tartler <email address hidden> Tue, 01 Apr 2008 09:33:39 +0200